Get the edge on PSD2 mandate with Worldpay’s Exemption Engine for strong customer authentication
Prepare for the PSD2 SCA directive and understand its impact on merchants.
Heads up: the way merchants manage payments in the European Economic Area (EEA) is changing on September 14, 2019. (UPDATE: National Authorities may “provide limited additional time” for issuers, acquirers and merchants to get SCA ready, provided PSPs have an agreed migration plan.) That’s when PSD2 mandates for Strong Customer Authentication (SCA) go into effect. What does this mean for your business? Let’s take a look.
What is SCA?
SCA is an authentication process that verifies the user’s identity by requiring at least two of the following three elements:
- Possession — something the user has, like a credit card or mobile device
- Knowledge — something the user knows, like a password or PIN
- Inherence — something the user is, like a fingerprint or iris scan
For card payments, this generally means that payments need to go through 3DS2 with a step-up challenge. 3DS2 is a new approach that puts shoppers at the center of the authentication process and aligns with the latest technologies that shoppers use. For the time being, however, 3DS1 plus a one-time-password will also generally be accepted as SCA.SCA is designed to reduce payment fraud. But submitting every online payment to 3DS2, which could lead to a step-up challenge, will increase friction that leads to shopper abandonment. But there’s good news. Worldpay’s Exemption Engine for Strong Customer Authentication (SCA) helps reduce friction at checkout by minimizing step-up challenge requests. Read on to learn more about how this solution works.
Payment filtering
Worldpay’s Exemption Engine filters all transactions so that any out-of-scope payments won’t be subject to SCA. Out-of-scope payments are EEA transactions that don’t fall under the PSD2 mandate, such as MIT, MOTO, and “one leg out” (those where either the payer or the payee is based outside of the EEA.
Exemptions
Transactions which are in-scope of SCA can still enjoy a frictionless check-out through the use of exemptions. As an acquirer, Worldpay can request payments to be exempt from SCA. Issuers are incentivized to respond positively as the fraud liability shifts away from them. Exemptions can be applied in both authorization and authentication. When the merchant requests an acquirer exemption in authorization through the Exemption Engine, the payment bypasses the 3DS2 protocol. Instead of the issuer, the acquirer will make the Transaction Risk Analysis (TRA) risk assessment. An issuer will still make a risk assessment using their existing risk systems. If the issuer does not want to honor the acquirer exemption, they can soft decline the transaction which informs the merchant to step up the transaction using 3DS.When the merchant requests an acquirer exemption in authentication, the payment is still sent through the 3DS2 protocol, and the issuer will make a risk assessment based on the available authentication data. If they honor the exemption, the payment will be authenticated frictionless, without a step-up challenge.
Selecting the best exemption strategy
The rules around exemptions are complex. Not every payment will be eligible for an exemption, and most payments will only be eligible for one particular exemption. The success rate of applying an exemption in authorization depends on how issuers plan to implement their exemption acceptance policies. And with no established standard, issuers differ in their behavior. At Worldpay, we believe our merchants should not have to design, build and maintain the logic needed to use exemptions effectively. Instead, they should only have to tell us they’d like to be exempt from SCA, and we’ll take care of it. Our Exemption Engine has a predictive model that determines and applies the best exemption strategy, tailored to the issuer that will receive the exemption request. This model is kept up to date with every interaction Worldpay has with the issuers. In 2018, Worldpay processed 600 million transactions within the EEA— a volume no other acquirer can match. This gives us all the data we need to create a predictive model that provides our customers the highest SCA exemption rates possible— with the bonus of reducing friction at checkout. You couldn’t ask for a better scenario.
Related Insights
You may also like
3D Secure: 5 benefits of cardholder authentication
3DS is helping online shopping authentication be conducted more securely.
Restaurants at risk: How hospitality can fight back against payment fraud
Navigate new challenges in the hospitality industry with the right technology.
How to prevent in-store credit card fraud
Here are six proven practices to prevent in-store fraud and reduce your card fraud liability risk.